For years, application security followed a predictable architecture: developers wrote code, pipelines built and tested it, and runtime controls attempted to catch what slipped through. Each stage had dedicated tools, teams, and assumptions about where risk resided. That model is breaking under the weight of artificial intelligence.

At RSAC 2026, the most compelling startups were not simply layering AI onto existing categories. They were responding to a fundamental shift: AI is compressing the software development life cycle, blurring the lines between writing code, deploying it, and operating it. In many cases, those steps now occur simultaneously, driven by the same AI agents. The result is not just more software; it is a collapse of security boundaries. When those boundaries collapse, so do the traditional control points that security teams have relied upon.

AppSentinels: Securing workflows, not just endpoints

Rooted in API security, AppSentinels has expanded its scope to address security needs in AI-driven systems. As AI agents and services increasingly interact through APIs, risk is no longer limited to individual endpoints; it lies in how those endpoints are chained together. The company focuses on understanding and securing how APIs are used in combination rather than in isolation. Co-founder and CEO Puneet Tutliani explains that it is not a single endpoint but the way workflows are stitched together that creates problems. Agents automate complex sequences of actions across APIs at machine speed, exposing logic flaws, bypassing controls, or causing unintended side effects. Traditional API security tools, which focus on individual requests, are not suited to detect this behavior. AppSentinels combines continuous testing with runtime governance to model and monitor workflows as they execute, including explicit support for agent-driven interactions and visibility into which agents are operating and how they use APIs and tools.

Aurva: Tracking identity and access in an agent-driven world

While AppSentinels looks at the seams in workflows, Aurva focuses on the who or what performing the work. Originally centered on runtime data visibility, Aurva’s story has shifted toward identity and access in the context of AI agents. Agents often require broad permissions to function, accessing APIs, querying data stores, and interacting with multiple systems on behalf of users. This creates complex chains of identity and authorization that are difficult to track and constrain. Aurva monitors those chains in real time, correlating kernel-level activity with identity and access data to understand what agents are doing, what data they access, what permissions they use, and how they are using them. CEO Apuru Garg notes that the problem is not just visibility but understanding agent behavior. Traditional identity and access management defines what should be allowed; Aurva attempts to show what is actually happening and where permissions may be broader than necessary. Currently focused on detection and analysis rather than enforcement, Aurva fills a gap as agents become more autonomous and tracing their actions becomes a prerequisite for meaningful access control.

Backline: Closing the loop between finding and fixing

Backline tackles one of the oldest challenges in application security: what happens after vulnerabilities are found. For years, the industry has excelled at generating findings but been far less effective at ensuring they are actually fixed. AI accelerates development, increasing vulnerability volume without scaling remediation capacity. Backline’s answer is to automate the remediation process itself. The platform integrates with repositories and CI/CD systems to identify exploitable vulnerabilities, generate fixes, and validate those fixes through existing build and test workflows. Co-founder and VP of R&D Aviad Chen states that the question is no longer which vulnerability matters but how to fix it at scale. Where earlier tools focused on triage, Backline compresses the entire loop from detection to resolution into a single automated process. The risk of introducing new errors is mitigated by validating changes inside the pipeline before they reach production. In an environment where vulnerabilities outpace human remediation, automation becomes a necessity.

Backslash: Securing the AI development toolchain

In traditional development, the path from idea to code was relatively controlled. Today, that path runs through a growing set of AI tools—coding assistants, agents, plugins, Model Context Protocol (MCP) servers, and external services—many operating outside formal oversight. Backslash focuses on this in-between layer: the AI development toolchain. The company provides visibility into which AI tools and agents are used across an organization, along with policy controls and guardrails governing their interaction. It also controls how data moves between components, addressing risks like prompt injection and unintended data exposure. Field CTO Gil Friedman explains that security teams are no longer dealing with individual developers but with tools that sit between initiative and output. Two consequences arise: security teams lack basic visibility into AI tool usage, especially among non-developers, and traditional controls struggle to capture interactions between agents, plugins, and local processes. Backslash’s answer is an endpoint-level guardian that inventories these components, evaluates risk, and enforces policies on installation and execution.

Chainloop: Building governance into the software factory

Chainloop addresses a failure point exacerbated by AI-powered development: what happens when AI accelerates everything else. As development speeds up, governance becomes the bottleneck. Chainloop serves as a software supply chain control plane, capturing artifacts across the entire pipeline—code changes, build outputs, scan results, and deployments—to create a central, verifiable system of record. It applies policy-as-code guardrails that automatically enforce requirements. Co-founder and CEO Daniel Liszka notes that organizations can generate and ship code faster than ever, but integration, compliance, and security remain slow. Chainloop automates that outer loop, defining guardrails as code and tying them directly to pipeline events, enabling real-time feedback loops for AI agents. Agents can iterate on code or configurations until they meet defined policies, replacing manual review. Governance is being reframed as infrastructure—something that must be automated for AI-driven development to scale. The trade-off is complexity, requiring organizations to think in terms of systems, provenance, and policy frameworks rather than just tools.

FireTail: Gaining visibility into AI usage across the organization

Described as an end-to-end AI security platform, FireTail answers a broader question: who is using AI, and how. As AI tools proliferate, usage spreads beyond development teams to include product managers, analysts, and other business functions, often without a clear inventory of which tools are in use, what data is shared, and where risks are introduced. FireTail provides that visibility, monitoring both employee usage (e.g., interactions with ChatGPT) and application-level usage (e.g., agents built on cloud AI services). It aggregates activity into unified log streams to detect data leakage, policy violations, or anomalous behavior. Founder Jeremy Snyder says the first use case for every customer is knowing who is using what AI service. From there, organizations can define policies and enforce them at the endpoint or browser level. This is less about enforcing behavior within the pipeline and more about establishing baseline visibility and governance across the organization—a prerequisite for control.

Raven: Enforcing trust where code runs

At the far end of the software life cycle, Raven takes a different approach. Rather than focusing on code before it runs, it focuses on what happens when it does. Previously described as a runtime platform for prioritization and detection, Raven now pushes toward runtime prevention. Static analysis produces vast volumes of vulnerabilities, many never exercised in production. Simultaneously, AI reduces the time to discover and exploit real weaknesses, making the traditional model of scanning for known issues and prioritizing by CVEs increasingly irrelevant. Raven observes behavior at runtime, using kernel-level techniques to monitor application execution without injecting code or modifying the environment. It identifies anomalous behavior in libraries or functions and blocks execution in real time. Co-founder and CEO Roi Abitboul emphasizes that they stop relying on CVEs and look at what the application is actually doing. Raven treats runtime as the ultimate control point, arguing that AI is too slow for real-time prevention and instead uses it selectively for analysis. As both development and exploit generation accelerate, runtime enforcement becomes less of a fallback and more of a primary defense.

Seezo: Securing what gets built, before code exists

One of the most dramatic shifts is occurring at the very start of the development life cycle. Previous vendors focused on scanning code after it was written, but Seezo believes that in an AI-driven world, that is too late. The company focuses on generating security requirements before code is written, shaping how both developers and AI agents build systems from the outset. Co-founder and CEO Sandesh Mysore Anand points out that the cost of generating code has gone to zero while the cost of reviewing code remains high. Instead of interrupting developers with scans and findings, Seezo inserts security into the requirements layer—the one place both humans and AI systems rely on to understand intent. When AI agents read instructions that include security constraints, the resulting code improves before it ever hits a pipeline. This approach depends on organizations adopting a more disciplined requirements process, which many have historically resisted. But as AI increases output, that discipline becomes less optional.

TestifySec: Turning compliance into a continuous control

TestifySec promises to turn the development pipeline into a live audit feed, tackling a stubborn bottleneck: compliance as a gating function. In traditional environments, proving software meets regulatory or security requirements is slow, manual, and disconnected from how code is built. That lag becomes critical when AI agents generate changes faster than teams can review them. TestifySec moves compliance into the pipeline using an evidence-based model. Instead of relying on documentation and manual audits, it maps code, test results, and artifacts directly to security controls and evaluates them continuously. Co-founder and CEO Cole Kennedy explains that organizations can write software fast but cannot ship it faster because they cannot measure it. TestifySec closes that measurement gap by using AI agents to analyze what evidence should exist for a given control and then searching for that evidence across the codebase, pipeline outputs, and supporting artifacts. Developers get feedback on compliance before code is merged, rather than waiting for downstream audit cycles. Compliance becomes a continuous signal inside CI/CD. The challenge is trust—automated compliance has been promised before, and organizations are cautious about replacing human validation. Yet as development speed increases, the growing backlog of uncertified software may demand such automation.

If there was a single takeaway from RSAC 2026, it is that the industry is no longer debating whether AI will change software development. It already has. What remains is determining where security belongs when the boundaries between development, deployment, and execution no longer hold. These nine vendors are not converging on a single answer; instead, they are redefining control points across the entire life cycle—from requirements and toolchains to pipelines, runtime, and workflows. Not every approach will prove durable, and not every new layer will become a category. But the direction is clear: as AI compresses the development life cycle and accelerates both creation and exploitation, security can no longer rely on isolated checkpoints. Trust must be enforced continuously, in more places than before. The challenge for organizations is not just adopting new tools but deciding where those control points should reside in their environments. The answer will vary, but the underlying shift is the same: security is no longer a stage—it is part of the system itself.

Source: InfoWorld News